Enigmail Cannot Decrypt Messages from Apple Mail (GPGSuite Plugin)

[Paul Martin]

System info:
OSX 10.11.6
Thunderbird 52.1.0
Enigmail 1.9.6.1
GPGSuite2016.10

Currently using Apple Mail with GPGSuite plugin to encypt emails. I'd like to move to Thunderbird to integrate calendar/mail/irc into one applicaiton as Outlook doesn't support GPG encryption. Currently using Office 365 hosted by Microsoft. I have successfully added email account and can encrypt/decrypt messages sent from Thunderbird to Thunderbird. However, I cannot decrypt messages sent from Apple Mail. Apple Mail can decypt messages sent from Thunderbird. Thunderbird shows 2 attachments, the signature and the encryted .asc file. I have also tried to right click the attachment and "Decrypt and Open", but nothing happens. I can send header information if that helps. Thank you!

[Patrick Brunschwig]

Can you please attach a sample message? If you can, then please simply remove the content of the encrypted part, and from/to/subject.

[Paul Martin]

Attached, let me know if this doesn't have the information needed.

[Patrick Brunschwig]

I see ... a message sent via Exchange. We already implemented some hacks to "repair" & decrypt those mails, as they do not conform to PGP/MIME.

Can you send me the complete message source (in a private mail), as .eml file? --> patrick AT enigmail DOT net

[Paul Martin]

Thank you for your help. I sent the .eml file earlier today. Let me know what other information might be helpful.

[Patrick Brunschwig]

I definitely need to anayze this in more detail. It's a new type of Exchange message that I never saw before. This will unfortunately take quite a while.

[Matthew Eshleman]

I have this issue as well. In our case it is when an email is sent within the Office 365 tenant from Mac Mail to another recipient. If the email is sent from Mac Mail to another recipient (even in another Office 365 tenant), the message can be "repaired" and viewed.

I worked with Microsoft support on this, but they wouldn't work on it and said it was a client side issue.

[Patrick Brunschwig]

Can you attach an exmple message, or send me an example message please?

[Patrick Brunschwig]

Matthew, the headers you sent me tell me that you got a MS-TNEF / winmail.dat file. That's not a broken PGP/MIME message, but a completely different type of message. I couln't even tell you if the mail was encrypted at all. In any case, Enigmail will not handle such messages.

To read the mail, you might want to try the Add-on "LookOut".

[Matthew Eshleman]

I added "LookOut", but it didn't make a difference. i have followed up with GPG Tools to see if we can change something on their side.

[Patrick Brunschwig]

Paul, I implemented the changes that are required to support this type of messages today. This will be part of the next Enigmail release.

[Gérard Vidal]

Hi I have got the same problem with engmail 2.0.5 on thunderbird 52.8.0 debian buster. If I save the encrypted.asc I can decrypt it with gpg (with character coding errors). The header of the decrypted file is

Content-Type: multipart/signed;
    boundary="Apple-Mail=_6D6E44F1-99B9-49AD-A980-62E804555171";
    protocol="application/pgp-signature";
    micalg=pgp-sha512

--Apple-Mail=_6D6E44F1-99B9-49AD-A980-62E804555171
Content-Type: multipart/alternative;
    boundary="Apple-Mail=_3C0739B1-356C-4753-A7D7-154CE6E517E4"

--Apple-Mail=_3C0739B1-356C-4753-A7D7-154CE6E517E4
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
    charset=utf-8

Is it a configuration problem from the sender or from me or a missing feature in enigmail?
Thanks for your work

[Patrick Brunschwig]

Are you sure that the error is because it's a message from GPGTools? What error message do you get from Enigmail?

[Gérard Vidal]

Thanks for this quick answer,
I have no error message, I just receive a message displaying the ascii 80 col crypted message as shown below, with the comment GPGTools

-----BEGIN PGP MESSAGE-----
Comment: GPGTools - https://gpgtools.org

hQIMAz1f8tvF+KW7ARAAqnQzqeHfN5QueoN7/uPAyeZh5uLmIfY+JgkpcCty3p6h
YjxgxOefRPeDrfeltVHhazBq3GV/kUnp0yjyo9CRCp1F4Ygr0dauOMHN2C+cfYMA
.../...

I suspect the sender tohave a wrong configuration but still the mistake deals wit GPGTools.

Hope you have a clue

[Patrick Brunschwig]

Can you send me the complete headers of the message, up to the following lines?

-----BEGIN PGP MESSAGE-----
Comment: GPGTools - https://gpgtools.org

You can send them directly to me, such that you don't need to redact anything.

[Gérard Vidal]

Hi,
Sent the copy of the headers from the mail saved as a file to the adress you gave upper in the trend.
thanks

[Patrick Brunschwig]

The problem with the messsage is that the main content-type is not multipart/encrypted but multipart/mixed. Therefore Enigmail cannot detect that this is an encrypted message. I have never seen such a message; I believe that the message was modified during transmission by an MTA (mail transfer agent). I'll check with the GPGTools developers if they create such messages, but I don't think so.

[Gérard Vidal]

Thanks for your time and investigations.
I will track the problem with the sender, he might have send the mail behind a very strict (and possibly badly configured) firewall with various proxies that may not recognise secured exchanges... If we find the culprit we will let you know.
thanks again.